Merge pull request #236 from kpcyrd/bump

Fix clone3 sandbox crash, improve sandbox crash error message
kpcyrd · Nov 13, 2022 · 5364328 · 5364328
2 parents aa3311b + 01bcb10
commit 5364328
Show file tree

Hide file tree

Showing 10 changed files with 649 additions and 482 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/docs/sandbox.rst b/docs/sandbox.rst
@@ -119,7 +119,7 @@ You might experience a sandbox failure, especially on architectures that are
 less popular. This usually looks like this::
 
     [sn0int][example][kpcyrd/ctlogs] > run
-    [-] Failed "example.com": EOF while parsing a value at line 1 column 0
+    [-] Failed "example.com": Sandbox child has crashed
     [+] Finished kpcyrd/ctlogs (1 errors)
 
 A module that never finishes could also mean an IO thread inside the worker got

diff --git a/modules/harness/winkekatze-sub.lua b/modules/harness/winkekatze-sub.lua
@@ -10,8 +10,13 @@ function run()
     mqtt_subscribe(sock, '#', 0)
 
     while true do
-        local pkt = mqtt_recv_text(sock)
+        local pkt = mqtt_recv(sock)
         if last_err() then return end
-        info(pkt)
+        local log = {pkt=pkt}
+        if pkt then
+            log['text'] = utf8_decode(pkt['body'])
+            if last_err() then clear_err() end
+        end
+        info(log)
     end
 end
diff --git a/src/cal/date.rs b/src/cal/date.rs
@@ -55,11 +55,11 @@ fn chunk_months(ctx: &DateContext, months: &[DateSpec]) -> String {
 }
 
 fn days_in_month(year: i32, month: u32) -> i64 {
-    let start = Utc.ymd(year, month, 1);
+    let start = Utc.with_ymd_and_hms(year, month, 1, 0, 0, 0).single().expect("Datetime is not unique");
     let end = if month == 12 {
-        Utc.ymd(year + 1, 1, 1)
+        Utc.with_ymd_and_hms(year + 1, 1, 1, 0, 0, 0).single().expect("Datetime is not unique")
     } else {
-        Utc.ymd(year, month + 1, 1)
+        Utc.with_ymd_and_hms(year, month + 1, 1, 0, 0, 0).single().expect("Datetime is not unique")
     };
     end.signed_duration_since(start).num_days()
 }
@@ -152,7 +152,7 @@ impl DateSpec {
             bail!("Too many datespec args");
         }
 
-        let today = Utc::today();
+        let today = Utc::now();
         let ds = match (args.get(0), args.get(1), context) {
             (None, _, None) => DateSpec::YearMonth((today.year(), today.month())),
             (None, _, Some(context)) => DateSpec::YearMonthContext((today.year(), today.month(), context)),
@@ -172,8 +172,8 @@ impl DateSpec {
 
     pub fn start(&self) -> NaiveDate {
         match self {
-            DateSpec::Year(year) => NaiveDate::from_ymd(*year, 1, 1),
-            DateSpec::YearMonth((year, month)) => NaiveDate::from_ymd(*year, *month, 1),
+            DateSpec::Year(year) => NaiveDate::from_ymd_opt(*year, 1, 1).expect("Invalid month/day"),
+            DateSpec::YearMonth((year, month)) => NaiveDate::from_ymd_opt(*year, *month, 1).expect("Invalid month/day"),
             DateSpec::YearMonthContext((year, month, context)) => {
                 let mut year = *year - (*context / 12) as i32;
                 let context = context % 12;
@@ -183,29 +183,29 @@ impl DateSpec {
                 } else {
                     month - context
                 };
-                NaiveDate::from_ymd(year, month, 1)
+                NaiveDate::from_ymd_opt(year, month, 1).expect("Invalid month/day")
             },
         }
     }
 
     pub fn end(&self) -> NaiveDate {
         match self {
-            DateSpec::Year(year) => NaiveDate::from_ymd(year + 1, 1, 1),
+            DateSpec::Year(year) => NaiveDate::from_ymd_opt(year + 1, 1, 1).expect("Invalid month/day"),
             DateSpec::YearMonth((year, month)) => {
                 let (year, month) = if *month == 12 {
                     (*year + 1, 1)
                 } else {
                     (*year, *month + 1)
                 };
-                NaiveDate::from_ymd(year, month, 1)
+                NaiveDate::from_ymd_opt(year, month, 1).expect("Invalid month/day")
             },
             DateSpec::YearMonthContext((year, month, _context)) => {
                 let (year, month) = if *month == 12 {
                     (*year + 1, 1)
                 } else {
                     (*year, *month + 1)
                 };
-                NaiveDate::from_ymd(year, month, 1)
+                NaiveDate::from_ymd_opt(year, month, 1).expect("Invalid month/day")
             },
         }
     }
@@ -221,7 +221,7 @@ impl DateSpec {
             DateSpec::YearMonth((year, month)) => {
                 let mut w = String::new();
 
-                let start = Utc.ymd(*year, *month, 1);
+                let start = Utc.with_ymd_and_hms(*year, *month, 1, 0, 0, 0).single().expect("Datetime is not unique");
                 let days = days_in_month(*year, *month) as u32;
 
                 writeln!(w, "{:^21}", start.format("%B %Y")).expect("out of memory");
@@ -233,7 +233,7 @@ impl DateSpec {
 
                 let mut week_written = week_progress * 3;
                 for cur_day in 1..=days {
-                    let date = NaiveDate::from_ymd(*year, *month, cur_day);
+                    let date = NaiveDate::from_ymd_opt(*year, *month, cur_day).expect("Invalid month/day");
 
                     if !ctx.is_future(&date) {
                         let activity = ctx.activity_for_day(&date);
@@ -297,7 +297,7 @@ mod tests {
         DateContext {
             events: HashMap::new(),
             max: 0,
-            today: NaiveDate::from_ymd(2020, 5, 30),
+            today: NaiveDate::from_ymd_opt(2020, 5, 30).unwrap(),
         }
     }
 
@@ -325,9 +325,9 @@ mod tests {
         let ctx = DateContext {
             events,
             max: 0,
-            today: NaiveDate::from_ymd(2020, 6, 6),
+            today: NaiveDate::from_ymd_opt(2020, 6, 6).unwrap(),
         };
-        let grade = ctx.activity_for_day(&NaiveDate::from_ymd(2020, 6, 6));
+        let grade = ctx.activity_for_day(&NaiveDate::from_ymd_opt(2020, 6, 6).unwrap());
         assert_eq!(grade, ActivityGrade::None);
     }
 

diff --git a/src/cal/time.rs b/src/cal/time.rs
@@ -14,7 +14,7 @@ fn round_to_slice(time: &NaiveDateTime, slice_duration: u32) -> NaiveDateTime {
     let hour = time.hour();
     let mins = time.minute();
     let slice = mins - (mins % slice_duration);
-    date.and_hms(hour, slice, 0)
+    date.and_hms_opt(hour, slice, 0).expect("Invalid hour/min/sec")
 }
 
 fn setup_graph_map(events: &[Activity], slice_duration: u32) -> (HashMap<NaiveDateTime, u64>, u64) {
@@ -110,7 +110,7 @@ pub struct DateTimeSpec {
 
 impl DateTimeSpec {
     pub fn from_args(args: &[DateArg], context: Option<u32>) -> Result<DateTimeSpec> {
-        let today = Utc::today().naive_utc();
+        let today = Utc::now().date_naive();
         if args.is_empty() {
             let mut start = today;
 
@@ -176,7 +176,7 @@ impl DateTimeSpec {
             let mut mins = 0;
 
             for _ in 0..(MIN_PER_DAY / ctx.slice_duration) {
-                let time = date.and_hms(hours, mins, 0);
+                let time = date.and_hms_opt(hours, mins, 0).expect("Invalid hour/min/sec");
 
                 if !ctx.is_future(&time) {
                     let activity = ctx.activity_for_slice(&time);

diff --git a/src/cmd/activity_cmd.rs b/src/cmd/activity_cmd.rs
@@ -18,7 +18,7 @@ pub struct TimeSpec {
 
 impl TimeSpec {
     fn resolve(s: &str, now: NaiveDateTime) -> Result<Self> {
-        let today = NaiveDateTime::new(now.date(), NaiveTime::from_hms(0, 0, 0));
+        let today = NaiveDateTime::new(now.date(), NaiveTime::from_hms_opt(0, 0, 0).expect("Invalid hour/min/sec"));
 
         let datetime = match s {
             "today" => today,
@@ -122,8 +122,8 @@ mod tests {
     use super::*;
 
     fn datetime() -> NaiveDateTime {
-        let date = chrono::NaiveDate::from_ymd(2020, 3, 14);
-        let time = chrono::NaiveTime::from_hms(16, 20, 23);
+        let date = chrono::NaiveDate::from_ymd_opt(2020, 3, 14).unwrap();
+        let time = chrono::NaiveTime::from_hms_opt(16, 20, 23).unwrap();
         NaiveDateTime::new(date, time)
     }
 

diff --git a/src/cmd/cal_cmd.rs b/src/cmd/cal_cmd.rs
@@ -34,8 +34,8 @@ impl Cmd for Args {
                 .context("Failed to parse date spec")?;
             let filter = ActivityFilter {
                 topic: None,
-                since: Some(dts.start().and_hms(0, 0, 0)),
-                until: Some(dts.end().and_hms(23, 59, 59)),
+                since: Some(dts.start().and_hms_opt(0, 0, 0).expect("Invalid hour/min/sec")),
+                until: Some(dts.end().and_hms_opt(23, 59, 59).expect("Invalid hour/min/sec")),
                 location: false,
             };
             let events = Activity::query(rl.db(), &filter)?;
@@ -53,12 +53,12 @@ impl Cmd for Args {
                 .context("Failed to parse date spec")?;
             let filter = ActivityFilter {
                 topic: None,
-                since: Some(ds.start().and_hms(0, 0, 0)),
-                until: Some(ds.end().and_hms(23, 59, 59)),
+                since: Some(ds.start().and_hms_opt(0, 0, 0).expect("Invalid hour/min/sec")),
+                until: Some(ds.end().and_hms_opt(23, 59, 59).expect("Invalid hour/min/sec")),
                 location: false,
             };
             let events = Activity::query(rl.db(), &filter)?;
-            let ctx = DateContext::new(&events, Utc::today().naive_utc());
+            let ctx = DateContext::new(&events, Utc::now().date_naive());
             println!("{}", ds.to_term_string(&ctx));
         }
         Ok(())

diff --git a/src/ipc/parent.rs b/src/ipc/parent.rs
@@ -71,6 +71,10 @@ impl IpcParent {
         let mut line = String::new();
         let len = self.stdout.read_line(&mut line)?;
 
+        if len == 0 {
+            bail!("Sandbox child has crashed");
+        }
+
         let event = serde_json::from_str(&line[..len])?;
         debug!("IpcParent received: {:?}", event);
         Ok(event)

diff --git a/src/sandbox/seccomp.rs b/src/sandbox/seccomp.rs
@@ -77,6 +77,7 @@ pub fn init() -> Result<()> {
     ctx.allow_syscall(Syscall::lseek)?;
     #[cfg(target_arch = "arm")]
     ctx.allow_syscall(Syscall::_llseek)?;
+    ctx.allow_syscall(Syscall::clone3)?;
 
     ctx.set_action_for_syscall(Action::Errno(1), Syscall::openat)?;
     #[cfg(not(any(target_arch = "aarch64", target_arch = "riscv64")))]

diff --git a/src/worker.rs b/src/worker.rs
@@ -488,6 +488,7 @@ pub fn spawn(rl: &mut Shell,
             tx.send(Event2::Start);
             let event = match ipc::parent::run(module, &tx, arg, keyring, verbose, has_stdin, proxy, user_agent, options, blobs) {
                 Ok(exit) => exit,
+                // TODO: this should include the whole error chain
                 Err(err) => ExitEvent::SetupFailed(err.to_string()),
             };
             tx.send(Event2::Exit(event));